PMTUD broken with ipv6.juniper.net?

Jared Mauch jared at puck.nether.net
Wed Feb 2 23:09:58 CET 2011


Let me forward this over to people there to look at... It's sadly in our customers network but we can send it to those contacts.

Blocking icmp can be silly, but blocking icmpv6 is problematic....

I do worry that the ipv6 universe will be 1280 vs the 1476/1500 in v4 land...

Sent from my iThing

On Feb 2, 2011, at 4:45 PM, Daniel Roesen <dr at cluenet.de> wrote:

> On Wed, Feb 02, 2011 at 07:47:38AM -0500, Jared Mauch wrote:
>> I want to get the broken network elements fixed.  If you see any in
>> the NTT network, please let me know as I want to solve it.
> 
> Not really your network, but your customer.
> 
> It looks like PMTUD is broken on http://ipv6.juniper.net/ - folks with
> MTU 1500 IPv6 access have no problems, but I'm behind a tunnel at home,
> but not doing MSS clamping, so advertising MSS=1440. Net result looks
> like "something" is prolly filtering the ICMP frag needed packets from
> the tunnel broker.
> 
> Forward path: SixXS broker at AS8422 -> AS1299 -> NTT -> JNPR
> 
> ...
> 14   182 ms   182 ms   182 ms  ae-1.r06.mlpsca01.us.bb.gin.ntt.net [2001:418:0:2000::366]
> 15   183 ms   182 ms   196 ms  fa-0.juniper-networks.mlpsca01.us.bb.gin.ntt.net [2001:418:9800:5000::6]
> 16     *        *        *     Request timed out.
> 
> Source IP within 2001:4dd0:fea5::/48
> 
> If you have contacts for IPv6 firewalls at JNPR, would be nice to get in
> touch with them sorting that out. Cannot be that they completely filter
> ICMP for s3cUriTy? :-P
> 
> 
> Best regards,
> Daniel
> 
> -- 
> CLUE-RIPE -- Jabber: dr at cluenet.de -- dr at IRCnet -- PGP: 0xA85C8AA0


More information about the ipv6-ops mailing list